Important SCADA systems secured using weak logins

ID: IRCNE2013011734
Date: 2013-01-15

According to “TechWorld”, thousands of critical SCADA systems reachable from the Internet are secured by dangerously weak default passwords, a survey carried out with the help of the US Department of Homeland Security has found.
According to a third-party report, Bob Radvanovsky and Jacob Brodsky of consultancy InfraCritical used scripts run through the Shodan search engine (‘Google for hackers’) to identify 7,200 vulnerable logins.
After initially searching 500,000 systems, the pair whittled that list down in order to put a number to the problem of vulnerable SCADA interfaces before reporting their findings to the DHS.
“The biggest thing is we are trying to assign a number - a rough magnitude - to a problem plaguing the industry for some time now,” Radvanovsky was quoted as saying.
“Until you identify the scope of a problem, no one takes steps to change things. We’re doing it on a beer budget; we hope others confirm our results.”
The list of SCADA systems included critical infrastructure as well as building automation, traffic control, red-light cameras and even crematoriums.
The DHS had contacted the controllers of the affected systems, the researchers said, although progress to rectify the dangerous insecurity had yet to be confirmed.
“This highlights a great weakness in critical infrastructure both in the US and beyond: security is still firmly rooted in the 20th century,” said Chris McIntosh, CEO of security specialist ViaSat UK.
Such systems should always use rigorous authentication and, preferably, an encrypted channel, he said.
“Companies should be working on the assumption that their systems have already been compromised and plan accordingly.”
